Re: [Design] letting traffic flow through a SG by default

-----BEGIN PGP SIGNED MESSAGE-----
| From: D. Hugh Redelmeier <hugh@mimosa.com>

|     conn packetdefault
| 	    leftsubnet=0.0.0.0/0
| 	    also=private-or-clear

Oops: I meant:

conn packetdefault

	type=tunnel
    	left=%defaultroute
	# leftid is affected by myid=
	leftsubnet=0.0.0.0/0
	right=%opportunistic
	failureshunt=passthrough
	keyingtries=3
	ikelifetime=1h
	keylife=1h
	rekey=no
	auto=route

This must be a 0.0.0.0/0 -> 0.0.0.0/0 eroute, so this cannot be a policy group. Otherwise the characteristics are similar to private-or-clear.

(Thanks, Claudia for pointing this out.)

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPm/vI8FAuQPManGZAQEW9gQAldN71rgYfvJ127AnEipFnH4CnWrYOuQa Yzcxm2uqFXpBvYljQErYCib2nBijMMErByQu7rFgEBi5u/VEJRetYHlhtSfWZF/T 8Z+rl5stFvZx4x0MMCfWN2tJMOWDgNktEvovl7pRVEr6Q3/xpp5sUQmq/XGoZdAi 3Bu7k6q5qzY=
=G3LL
-----END PGP SIGNATURE-----

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek